Skip to content

Commit

Permalink
build and push Docker image based on Chainguard base image (#13137)
Browse files Browse the repository at this point in the history
  • Loading branch information
v1v authored May 24, 2024
1 parent fff236c commit b070b3c
Show file tree
Hide file tree
Showing 4 changed files with 66 additions and 6 deletions.
25 changes: 25 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -87,3 +87,28 @@ jobs:
go-version-file: go.mod
cache: false
- run: make package-snapshot
env:
GH_TOKEN: ${{ github.token }}

test-package-and-push:
runs-on: ubuntu-latest
if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false)
env:
GENERATE_CHAINGUARD_IMAGES: true
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- uses: elastic/apm-pipeline-library/.github/actions/docker-login@current
with:
registry: docker.elastic.co
secret: secret/observability-team/ci/docker-registry/prod
url: ${{ secrets.VAULT_ADDR }}
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
- run: make package-snapshot
env:
GH_TOKEN: ${{ github.token }}
- run: make publish-docker-images
32 changes: 29 additions & 3 deletions packaging.mk
Original file line number Diff line number Diff line change
Expand Up @@ -31,19 +31,39 @@ DOCKER_IMAGES := \
build/docker/apm-server-ubi-$(APM_SERVER_VERSION).txt \
build/docker/apm-server-ubi-$(APM_SERVER_VERSION)-SNAPSHOT.txt

# If GENERATE_CHAINGUARD_IMAGES is set then generate chainguard docker images.
ifdef GENERATE_CHAINGUARD_IMAGES
DOCKER_IMAGES := $(DOCKER_IMAGES) \
build/docker/apm-server-chainguard-$(APM_SERVER_VERSION).txt \
build/docker/apm-server-chainguard-$(APM_SERVER_VERSION)-SNAPSHOT.txt
endif

build/docker/%.txt: DOCKER_IMAGE_TAG := docker.elastic.co/apm/apm-server:%
build/docker/%.txt: VERSION := $(APM_SERVER_VERSION)
build/docker/%.txt: DOCKER_FILE_ARGS := -f packaging/docker/Dockerfile
build/docker/%-SNAPSHOT.txt: VERSION := $(APM_SERVER_VERSION)-SNAPSHOT
build/docker/apm-server-ubi-%.txt: DOCKER_BUILD_ARGS+=--build-arg BASE_IMAGE=docker.elastic.co/ubi9/ubi-minimal
build/docker/apm-server-chainguard-%.txt: DOCKER_FILE_ARGS := -f packaging/docker/Dockerfile.chainguard

INTERNAL_DOCKER_IMAGE := docker.elastic.co/observability-ci/apm-server-internal

.PHONY: $(DOCKER_IMAGES)
$(DOCKER_IMAGES):
@mkdir -p $(@D)
docker build --iidfile="$(@)" --build-arg GOLANG_VERSION=$(GOLANG_VERSION) --build-arg VERSION=$(VERSION) $(DOCKER_BUILD_ARGS) -f packaging/docker/Dockerfile .

# Docker image tarballs. We distribute UBI8 Docker images only for AMD64.
docker build --iidfile="$(@)" \
--build-arg GOLANG_VERSION=$(GOLANG_VERSION) \
--build-arg VERSION=$(VERSION) \
$(DOCKER_BUILD_ARGS) \
--tag $(INTERNAL_DOCKER_IMAGE):$(VERSION)$(if $(findstring arm64,$(GOARCH)),-arm64)$(if $(findstring chainguard,$(@)),-chainguard) \
$(DOCKER_FILE_ARGS) .

# Docker image tarballs. We distribute UBI Docker images only for AMD64.
DOCKER_IMAGE_SUFFIX := docker-image$(if $(findstring arm64,$(GOARCH)),-arm64).tar.gz
DOCKER_IMAGE_PREFIXES := apm-server $(if $(findstring amd64,$(GOARCH)), apm-server-ubi)
# If GENERATE_CHAINGUARD_IMAGES is set then generate chainguard docker images.
ifdef GENERATE_CHAINGUARD_IMAGES
DOCKER_IMAGE_PREFIXES := $(DOCKER_IMAGE_PREFIXES) apm-server-chainguard
endif
DOCKER_IMAGE_RELEASE_TARBALLS := $(patsubst %, $(DISTDIR)/%-$(APM_SERVER_VERSION)-$(DOCKER_IMAGE_SUFFIX), $(DOCKER_IMAGE_PREFIXES))
DOCKER_IMAGE_SNAPSHOT_TARBALLS := $(patsubst %, $(DISTDIR)/%-$(APM_SERVER_VERSION)-SNAPSHOT-$(DOCKER_IMAGE_SUFFIX), $(DOCKER_IMAGE_PREFIXES))

Expand Down Expand Up @@ -186,7 +206,10 @@ build/dependencies-$(APM_SERVER_VERSION)-SNAPSHOT.csv: build/dependencies-$(APM_
cp $< $@

package-docker: $(DOCKER_IMAGE_RELEASE_TARBALLS)
@echo ">> $(DOCKER_IMAGE_RELEASE_TARBALLS)"

package-docker-snapshot: $(DOCKER_IMAGE_SNAPSHOT_TARBALLS)
@echo ">> $(DOCKER_IMAGE_SNAPSHOT_TARBALLS)"

package: \
package-docker \
Expand All @@ -200,3 +223,6 @@ package-snapshot: \
$(DOCKER_IMAGE_SNAPSHOT_TARBALLS) \
$(DISTDIR)/apm-server-ironbank-$(APM_SERVER_VERSION)-SNAPSHOT-docker-build-context.tar.gz \
build/dependencies-$(APM_SERVER_VERSION)-SNAPSHOT.csv

publish-docker-images:
docker push --all-tags $(INTERNAL_DOCKER_IMAGE)
13 changes: 10 additions & 3 deletions packaging/docker/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,24 +1,31 @@
ARG BASE_IMAGE=ubuntu:22.04
ARG GOLANG_VERSION

################################################################################
# Build stage 0
# Build the apm-server binary. The golang image version is kept
# up to date with go.mod by Makefile.
################################################################################
FROM golang:${GOLANG_VERSION} as builder
WORKDIR /src
COPY go.mod go.sum /src/
COPY go.mod go.sum .go-version /src/
COPY internal/glog/go.mod /src/internal/glog/go.mod
RUN --mount=type=cache,target=/go/pkg/mod go mod download
COPY Makefile *.mk /src
COPY Makefile *.mk /src/
COPY cmd /src/cmd
COPY internal /src/internal
COPY x-pack /src/x-pack
COPY .git /src/.git
COPY script /src/script

ENV GOROOT /usr/local/go
RUN --mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build \
make apm-server

################################################################################
# Build stage 1
# Copy prepared files from the previous stage and complete the image.
################################################################################
FROM ${BASE_IMAGE}
ARG TARGETARCH
ARG BUILD_DATE
Expand Down
2 changes: 2 additions & 0 deletions packaging/docker/Dockerfile.chainguard
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
FROM docker.elastic.co/wolfi/chainguard-base:20230214
RUN echo 'TBC'

0 comments on commit b070b3c

Please sign in to comment.